Firewall Wizards mailing list archives
Q154596
From: BPM Mixmaster Remailer <remailer () bpm ai>
Date: Mon, 8 Nov 1999 02:00:07 -0800 (PST)
This may interest some of you...

Configuring RPC Dynamic Port Allocation to Work With Firewall

--------------------------------------------------------------------------------
The information in this article applies to:

Microsoft Windows NT Server version 4.0
--------------------------------------------------------------------------------

IMPORTANT: This article contains information about editing the registry. Before you edit the registry, make sure you understand how to restore it if a problem occurs. For information about how to do this, view the "Restoring the Registry" Help topic in Regedit.exe or the "Restoring a Registry Key" Help topic in Regedt32.exe.

SUMMARY

RPC dynamic port allocation is used by remote administration applications such as DHCP Manager, WINS Manager, and so on. RPC dynamic port allocation will instruct the RPC client to use a particular random port above 1024. Customers using firewalls may want to control which ports RPC is using so that their firewall router can be configured to forward only these TCP ports.

The following registry entries apply to Windows NT 4.0. They do not apply to previous versions of Windows NT.

MORE INFORMATION

The values (and Internet key) discussed below do not appear in the registry; they must be added manually using the Registry Editor.

WARNING: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

For information about how to edit the registry, view the "Changing Keys and Values" Help topic in Registry Editor (Regedit.exe) or the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe. Note that you should back up the registry before you edit it. If you are running Windows NT, you should also update your Emergency Repair Disk (ERD).

With Registry Editor, you can modify the following parameters for RPC. The RPC Port key values discussed below are all located in the following key in the registry:

   HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Internet\

Key                      Data Type

Ports                    REG_MULTI_SZ

   Specifies a set of IP port ranges consisting of either all the ports available from the Internet or all the ports not available from the Internet. Each string represents a single port or an inclusive set of ports (for example, "1000-1050" "1984"). If any entries are outside the range of 0 to 65535, or if any string cannot be interpreted, the RPC run time will treat the entire configuration as invalid.

PortsInternetAvailable   REG_SZ   Y or N (not case-sensitive)

   If Y, the ports listed in the Ports key are all the Internet-available ports on that computer. If N, the ports listed in the Ports key are all those ports that are not Internet-available.

UseInternetPorts         REG_SZ   Y or N (not case-sensitive)

   Specifies the system default policy. If Y, the processes using the default will be assigned ports from the set of Internet-available ports, as defined previously. If N, the processes using the default will be assigned ports from the set of intranet-only ports.

Example:

Add the Internet key under HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc

Under the Internet key, add the values "Ports" (MULTI_SZ), "PortsInternetAvailable" (REG_SZ), and "UseInternetPorts" (REG_SZ).

In this example, use ports 1025 through 1030, so the new registry key appears as follows:

   Ports: REG_MULTI_SZ: 1025-1030
   PortsInternetAvailable: REG_SZ: Y
   UseInternetPorts: REG_SZ: Y

Restart the server. All applications that use RPC dynamic port allocation will use ports 1025 through 1030, inclusive.

For additional information, please see the following articles in the Microsoft Knowledge Base:

   Q167128 SMS: Network Ports Used by Remote Helpdesk Functions
   Q179442 How to Configure a Firewall for Windows NT and Trusts

Additional query words: ephemeral com dcom com+ msmq enterprise

Keywords: kbnetwork ntnetserv ntprotocol NTSrv
Version: winnt:4.0
Platform: winnt
Issue type :
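
Added example, not part of the original post or the Microsoft article: a Python helper that models the three registry values as the article describes them, so a firewall administrator can check a planned configuration and see which port ranges the system default policy will draw from. The function names are hypothetical, and two behaviours are assumptions: a reversed range is rejected, and the "not listed" set is taken as the complement over 0-65535.

```python
import re

PORT_MAX = 65535                      # upper bound stated in the article
_ENTRY = re.compile(r"(\d+)(?:-(\d+))?", re.ASCII)


def parse_ports(entries):
    """Turn REG_MULTI_SZ strings ("1984", "1000-1050") into merged ranges.

    One bad string raises, because the article says the RPC run time then
    treats the entire configuration as invalid.
    """
    ranges = []
    for raw in entries:
        m = _ENTRY.fullmatch(raw.strip())
        if m is None:
            raise ValueError(f"cannot interpret port entry {raw!r}")
        lo = int(m.group(1))
        hi = int(m.group(2) or m.group(1))
        # Rejecting a reversed range such as "1050-1000" is an assumption.
        if lo > hi or hi > PORT_MAX:
            raise ValueError(f"port entry {raw!r} is not within 0-{PORT_MAX}")
        ranges.append((lo, hi))
    merged = []
    for lo, hi in sorted(ranges):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged


def _yes(value):
    if value.strip().upper() not in ("Y", "N"):
        raise ValueError(f"expected Y or N, got {value!r}")
    return value.strip().upper() == "Y"


def default_rpc_ports(ports, ports_internet_available, use_internet_ports):
    """Ranges that processes using the system default policy draw from."""
    listed = parse_ports(ports)
    if _yes(ports_internet_available) == _yes(use_internet_ports):
        return listed                 # the default set is the listed set
    # Flags disagree: the default set is every port NOT listed (assumption:
    # the complement is taken over 0-65535).
    out, nxt = [], 0
    for lo, hi in listed:
        if lo > nxt:
            out.append((nxt, lo - 1))
        nxt = hi + 1
    return out + ([(nxt, PORT_MAX)] if nxt <= PORT_MAX else [])
```

When the two Y/N values disagree, the result is everything outside the listed ranges, which is usually far wider than the handful of ports a firewall rule was written for.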